From: "Erich E. Hoover" Subject: [PATCH 2/3] advapi: Return the current user and the administrator in the DACL (resend 4). Message-Id: Date: Tue, 30 Oct 2012 13:51:23 -0600 With this patch the current user (usually S-1-5-21-0-0-0-1000) and the administrator built-in (S-1-5-32-544) are returned in the DACL, allowing PlayReady to recognize that it's individualization folder has the appropriate permissions. Without this patch, and the preceding patch, attempting to load Netflix will cause an Internet Connection Problem when the loading bar gets to 99% (Bug #31858). With this patch in place then Netflix still doesn't quite work, but it's very close - it will then play about 1 second of audio before stopping due to Bug #31993 (part 3). From 7615369a6d010ee1d6cd9fcba01680a5abc63dfb Mon Sep 17 00:00:00 2001 From: Erich Hoover Date: Tue, 30 Oct 2012 09:51:33 -0600 Subject: advapi: Return the current user and the administrator in the DACL. --- dlls/advapi32/security.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index c493983..da484d3 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -5405,9 +5405,9 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl, PACL* sacl, PSECURITY_DESCRIPTOR* descriptor ) { - char b[sizeof(TOKEN_USER) + sizeof(MAX_SID)]; - DWORD needed, offset, l = sizeof(b), owner_len = sizeof(sidWorld); - PSID owner_sid = (PSID) &sidWorld; + char b[sizeof(TOKEN_USER) + sizeof(MAX_SID)], a[sizeof(MAX_SID)]; + DWORD needed, offset, l = sizeof(b), owner_len = sizeof(sidWorld), admin_len = sizeof(a); + PSID owner_sid = (PSID) &sidWorld, admin_sid = (PSID) a; SECURITY_DESCRIPTOR_RELATIVE *relative = NULL; BOOL ret = TRUE; HANDLE token; @@ -5442,6 +5442,7 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, owner_sid = ((TOKEN_USER *)b)->User.Sid; owner_len = GetLengthSid(owner_sid); } + CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &admin_len); needed = !descriptor ? 0 : sizeof(SECURITY_DESCRIPTOR_RELATIVE); if (info & OWNER_SECURITY_INFORMATION) @@ -5449,7 +5450,7 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, if (info & GROUP_SECURITY_INFORMATION) needed += sizeof(sidWorld); if (info & DACL_SECURITY_INFORMATION) - needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; + needed += sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))*2 + owner_len + admin_len; if (info & SACL_SECURITY_INFORMATION) needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; @@ -5499,7 +5500,30 @@ DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, } if (info & DACL_SECURITY_INFORMATION) { - GetWorldAccessACL( (PACL)(buffer + offset) ); + PACL pACL = (PACL)(buffer + offset); + PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1); + + pACL->AclRevision = ACL_REVISION; + pACL->Sbz1 = 0; + pACL->AclSize = sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))*2 + owner_len + admin_len; + pACL->AceCount = 2; + pACL->Sbz2 = 0; + + /* This first ACE contains the access for the file's owner */ + pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; + pACE->Header.AceFlags = OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; + pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + owner_len - sizeof(DWORD); + pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */ + memcpy(&pACE->SidStart, owner_sid, owner_len); + + /* This second ACE contains the access for the Administrators */ + pACE = (PACCESS_ALLOWED_ACE)((char *)pACE + pACE->Header.AceSize); + pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; + pACE->Header.AceFlags = OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; + pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + admin_len - sizeof(DWORD); + pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */ + memcpy(&pACE->SidStart, admin_sid, admin_len); + if(relative) { relative->Control |= SE_DACL_PRESENT; -- 1.7.9.5